The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.

Developers behind the notorious Neverquest had a busy summer adding many new features to the potent Trojan.

Researchers say a proof-of-concept attack using Windows Safe Mode can lead to credential theft and allow hackers to move laterally within a corporate network.

Microsoft this week patched a zero-day vulnerability in the Internet Explorer and Edge browsers being used in the AdGholas malvertising campaign.

Edward Snowden took his case to the media Wednesday arguing a presidential pardon would be important step in preserving democracy and his only hope in returning to the United States. He argued that under the current Espionage Act, future whistleblowers would be less inclined to come forward to expose government abuses of power. “Today whistleblowing...

Apple has finally moved its iOS security update mechanism to HTTPS with today’s release of iOS 10. Previously, updates were sent to devices over HTTP and attackers already present on a network could potentially intercept and manipulate updates. “An issue existed in iOS updates, which did not properly secure user communications. This issue was addressed...

After a month free of Flash Player fixes and emergency patches, Adobe today resumed its monthly ritual of releasing a security update for the maligned software. Today’s update patched 29 issues, most of which enabled remote code execution attacks on the host system. Adobe also updated its Air SDK and Compiler, and Adobe Digital Editions....

With Microsoft’s Patch Tuesday release tomorrow, the countdown begins for application developers to button down code ahead of Microsoft’s new servicing model starting in October that could present vulnerability issues for some businesses. “Tomorrow it’s going to be business as usual, but it will also raise anxiety as we get closer to October,” said Chris...

A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in...

Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S. House of Representatives’ Committee on Oversight and Government Reform blasted the...